The fundamentals of the Managed Kafka offering
The Managed Kafka service is a fully managed Apache Kafka event streaming platform deployed on Cloud Temple's sovereign SecNumCloud infrastructure.
Designed for event-driven architectures and real-time data pipelines, this service handles all the operational complexity of a Kafka cluster: deployment, configuration, updates, high availability and monitoring. This means that data and application teams can concentrate on producing and consuming events, without having to manage the underlying infrastructure.
Each cluster is deployed in an environment dedicated to the customer, with an architecture that can range from a single zone to a multi-AZ architecture (up to 3 datacentres), guaranteeing resilience and service continuity.
Our compliance procedures
Our Managed Kafka offering is HDS and ISO 27001 certified.
The benefits of Cloud Temple's Managed Kafka offering
Simplified operation
Zero Ops, business focus
Free your teams from Kafka management with a fully operated platform (deployment, configuration, updates), so they can concentrate on producing and enhancing data flows.
Data sovereignty
Guaranteed compliance and residency
Host your strategic data flows on a SecNumCloud-qualified infrastructure in France, guaranteeing security, compliance and protection against unauthorised third-party access.
Native resilience
Multi-AZ high availability
Guarantee service continuity thanks to a distributed architecture with automatic replication and failover, even in the event of a data centre failure.
Frictionless scalability
Performance on demand
Dynamically adapt the capacity of your cluster by adding resources on the fly, to absorb load peaks without interrupting service.
Key features of our Managed Kafka
Apache Kafka brokers
Managed broker cluster (latest stable version of Apache Kafka, ≥ 3.7), deployed on dedicated infrastructure.
KRaft mode (without ZooKeeper)
Native Kafka distributed consensus (KRaft), eliminating dependency on ZooKeeper for greater resilience.
Schema Registry
Centralised management of message schemas (Avro, Protobuf, JSON Schema) with evolution control.
Kafka Connect
Managed integration framework for connecting Kafka to external data sources and targets (databases, object storage, applications).
MirrorMaker 2
Replication of topics between Kafka clusters (Disaster Recovery, multi-environment).
REST Proxy
HTTP/REST interface for producing and consuming messages without a native Kafka client.
TLS encryption
Encryption of all client-broker and broker-broker communications using TLS 1.3.
SASL/SCRAM authentication
Strong authentication of producers and consumers using encrypted credentials.
Authorisation by ACLs
Fine-grained access control by topic, consumer group and operation (read, write, administration).
Observability (Prometheus/Grafana)
JMX metrics exposed via Prometheus, with pre-configured Grafana dashboards for Kafka KPIs (lag, throughput, ISR).
Isolation by dedicated cluster
Each customer has its own Kafka cluster on a dedicated infrastructure, with an isolated private network (no sharing of brokers between customers).
Technical specifications
Do you have a data streaming or event architecture project? Let's talk.
Are you building an IoT platform, migrating to an event-driven microservices architecture or looking to implement real-time Change Data Capture (CDC)? Our data experts and cloud architects will work with you to size your Kafka cluster, define your replication strategies and evaluate the integration of advanced components (Kafka Connect, Schema Registry) on our sovereign infrastructure.
Send us an outline of your project using this form: we'll get back to you as soon as possible to design the basis of your future streaming platform.
Pricing
| Managed Kafka work units (excluding infrastructure) | Unit | Unit price € excl. tax/month | Commitment |
|---|---|---|---|
| MANAGED KAFKA - PRODUCTION (including 3 nodes) | 1 virtual cluster | 1 275,00 € | 1 month |
| MANAGED KAFKA - DEV/TEST/ACCEPTANCE (including 3 nodes) | 1 virtual cluster | 712,50 € | 1 month |
| Additional BROKER NODE for Managed Kafka - PRODUCTION | 1 additional broker node | 375,00 € | 1 month |
| Additional BROKER NODE for Managed Kafka - DEV/TEST/ACCEPTANCE | 1 additional broker node | 225,00 € | 1 month |
| Additional KAFKA Connect worker | 1 additional worker | 375,00 € | 1 month |
Use cases
Background
No, the network is totally isolated.
For strict security reasons, access to your Kafka brokers is only possible from your private network (via IPsec VPN or dedicated interconnection). There are no direct public endpoints on the brokers. Each cluster is deployed in isolation on an infrastructure dedicated to the customer, with no sharing of brokers between customers.
No, we use KRaft mode natively.
Our Managed Kafka distribution (based on the latest stable releases, ≥ 3.7) leverages Kafka's native distributed consensus (KRaft). This completely eliminates the historical reliance on ZooKeeper, delivering better performance, increased scalability and enhanced resilience for your cluster.
You are still responsible for application processing.
The Managed Kafka service covers full management of the brokers, the Schema Registry, Kafka Connect and the REST Proxy. However, the service does not offer a managed Kafka Streams plan: applications using Kafka Streams or processing frameworks (such as Apache Flink or Spark) must be deployed on the customer side, for example on our Managed Kubernetes offering. Advanced configuration of Kafka JVMs (GC tuning) is also managed transparently by Cloud Temple.
With no interruption to service.
We plan two major updates per year. These are applied as rolling updates (node by node), guaranteeing continuity of service for your producers and consumers. Critical security patches are applied within 15 to 30 days of publication.
99.90 % for production environments.
A production cluster is distributed over 3 availability zones (multi-AZ with a replication factor of 3). For this architecture, we guarantee an availability rate of 99.90 % on the Kafka API. (Please note: Dev/Test type clusters, deployed on a single data centre, are not subject to any SLA.)